Every year, a few hundred people pass through our Security Awareness Training program here at Intuity. It is a simple half day course designed to educate our customers and their staff on cyber security trends, scams, phishing attacks, and best practices. Over the past three years our training department at Intuity have gained valuable insights on the state of IT Security in SMEs across Ireland.
Here are three at risk groups we have identified;
- The Clickers
- The Leaders
- The It Would Never Happen to Me’s
These team members are some of the most thoughtful and efficient people. In their effort to process a large volume of work, typically emails, they accidentally click on dodgy links and could potentially initiate money transfers in order to get things done quickly or help someone out. These are your self-starters who work away without secondary approval.
Until you do a simulation phishing attack with your own staff, you don’t really know who your “Clickers” are. The results might surprise you! It is important to provide continuous training to this group and teach them to identify phishing attempts. By building their knowledge and curbing their knee-jerk reactions, you will save your business a whole lot of time, money, and heartache.
Senior Management and Board Members are some of the most high-risk individuals in your organization because they have access to a lot of sensitive information, they travel often, and they tend to see security features as productivity blockers. Would you believe me if I told you that it is not uncommon to meet a CEO who has access to restricted company files on his or her phone or tablet who is using their year of birth as the pin code?
Explain the real cost of a security breach by breaking down the time, resources, and equipment required to recover. It is also helpful to educate decision makers on the best practices being exercised by customers and competitors in your industry. What leader doesn’t want their organization to be on top? Finally, it is important to make sure your leadership team has the right equipment to meet the demands of their role, new technology doesn’t just look flashy; it comes with many integrated security features too!
The “It would never happen to me’s”
Staff are immersed in technology every day and we know this familiarity builds confidence. But does this create a false sense of security? Absolutely. Every organization has IT savvy staff who are too busy for security training. The reality is that everyone poses a risk and cyber crime is evolving at such a fast rate that there is no way for anyone to be immune! It’s the same as when you get into the car, it’s important to wear your seat belt no matter how confident you are as a driver. The risk is always there.
It is important to make security a normal part of the workday. Build security into your daily conversations about finance, process development, and change management. If you have an incident or a near miss, don’t hide it under the rug! Find a way to effectively communicate to all staff the threat your organization faced and what you did to prevent it. Print out phishing emails your organization receives and put them up in the canteen. Last but certainly not least, make Security Awareness Training part of your on-boarding process or mandatory staff training.
Be Prepared, Be Proactive
Usually we get a request to arrange Security Awareness Training after a scare or a security incident has occurred. It doesn’t have to be this way. Contact us for a proactive solution today and together we can beat the odds against cybercrime.
Email us at firstname.lastname@example.org or fill out the form below and one of the team will get back to you.